Merge forwardport of #12639 to 2.3-develop branch
Applied pull request patch https://github.com/magento/magento2/pull/12639.patch (created by @mzeis) based on commit(s):
  1. 93ec6ea
magento-engcom-team authored Jan 24, 2018
2 parents 5483dc7 + b5a4ee4 commit f442a76
Showing 1 changed file with 6 additions and 8 deletions.
Expand Up @@ -27,16 +27,14 @@ public function testXssSensitiveOutput()
* Static test will cover the following cases:
*
* 1. /\* @noEscape \*\/ before output. Output doesn't require escaping. Test is green.
* 2. /\* @escapeNotVerified \*\/ before output. Output escaping is not checked and
* should be verified. Test is green.
* 3. Methods which contains "html" in their names (e.g. echo $object->{suffix}Html{postfix}() ).
* 2. Methods which contains "html" in their names (e.g. echo $object->{suffix}Html{postfix}() ).
* Data is ready for the HTML output. Test is green.
* 4. AbstractBlock methods escapeHtml, escapeUrl, escapeQuote, escapeXssInUrl are allowed. Test is green.
* 5. Type casting and php function count() are allowed
* 3. AbstractBlock methods escapeHtml, escapeUrl, escapeQuote, escapeXssInUrl are allowed. Test is green.
* 4. Type casting and php function count() are allowed
* (e.g. echo (int)$var, echo (float)$var, echo (bool)$var, echo count($var)). Test is green.
* 6. Output in single quotes (e.g. echo 'some text'). Test is green.
* 7. Output in double quotes without variables (e.g. echo "some text"). Test is green.
* 8. Other of p.1-7. Output is not escaped. Test is red.
* 5. Output in single quotes (e.g. echo 'some text'). Test is green.
* 6. Output in double quotes without variables (e.g. echo "some text"). Test is green.
* 7. Other of p.1-6. Output is not escaped. Test is red.
*
* @param string $file
*/
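Review bot: The docblock of testXssSensitiveOutput() no longer lists `/* @escapeNotVerified */` as a green case, so under the renumbered case 7 ("Other of p.1-6. Output is not escaped. Test is red.") any output that still carries that annotation is now documented as failing, yet this hunk only changes comment text. Please confirm that the check behind this test really rejects the annotation, so the docblock and the enforced behaviour agree, and state in the commit message what templates still using it are expected to do (switch to one of the escape methods in case 3 or justify `@noEscape`). While these lines are being touched, "Methods which contains" should read "Methods which contain", and "Other of p.1-6" would be clearer as "Anything not covered by cases 1-6".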